• NowSecure

Handling Sensitive Data

  • 3.1 Implement Secure Data Storage
  • 3.2 Use SECURE Setting For Cookies
  • 3.3 Fully validate SSL/TLS
  • 3.4 Protect Against SSL Strip
  • 3.5 Limit Use of UUID
  • 3.6 Treat Geolocation Data Carefully
  • 3.7 Institute Local Session Timeout
  • 3.8 Implement Enhanced/Two-Factor Authentication
  • 3.9 Protect Application Settings
  • 3.10 Hide Account Numbers and Use Tokens
  • 3.11 Implement Secure Network Transmission Of Sensitive Data
  • 3.12 Validate Input From Client
  • 3.13 Avoid Storing App Data in Backups
